From: kindloaf@gmail.com (Hong) Date: Sat, 6 Sep 2008 22:57:26 -0400 Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy In-Reply-To: References: Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Thanks for your reply, Justin. I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and reboot the system. After reboot, I checked `getenforce` and it returned `permissive`. But still I cannot ssh to the machine remotely... After each try with a correct password, /var/log/message doesn't grow but /var/log/audit/audit.log grows with one line. If I tried with an incorrect password, neither of the two log files changed. Hong On Sat, Sep 6, 2008 at 10:18 PM, Justin P. Mattock wrote: > I know this might sound stupid, but > Check and make sure /etc/selinux/config is in permissive > As well. I.g. A few months ago I couldn't boot, because of having that file > In enforcing. > > justin P. Mattock > > > > > On Sep 6, 2008, at 5:36 PM, Hong wrote: > > Hi, >> >> I downloaded the source of refpolicy in Hardy. (`apt-get source >> refpolicy`). I compiled the policy and loaded it. And then I reboot the >> system with PERMISSIVE mode. (add `enforcing=0` in the kernel options when >> booting) >> >> Now I cannot login the system remotely using ssh. Note that the system is >> in PERMISSIVE mode! (`getenforce` returns `Permissive`). Everytime I tried >> `ssh my_host_name` and enter the correct password, the client side shows >> "Read from remote host my_host_name: Connection reset by peer >> Connection to my_host_name." >> >> And after each unsuccessful login, the /var/log/audit/audit.log file on >> the server added a line: >> "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000 >> gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6" >> >> By the way, when I use `make load` to load the policy, there is a one-line >> error message >> '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is >> invalid' >> >> I am not quite familiar with the messages. Can anyone help me to see >> what's going? >> >> >> Thanks, >> Hong >> >> >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20080906/94cb8da0/attachment.html